CVE-2012-4453 — LOW (2.1) — White Hats Nepal

Q: How severe is CVE-2012-4453?

CVE-2012-4453 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-4453?

Check the references section above for vendor advisories and patch information. Affected products include: Dracut Project Dracut, Fedoraproject Fedora, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.

Vulnerability Description

dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information.

CVSS Score

2.1

LOW

AV:L/AC:L/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Dracut Project	Dracut	< 024
Fedoraproject	Fedora	16
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-276

References

http://git.kernel.org/?p=boot/dracut/dracut.git%3Ba=commit%3Bh=e1b48995c26c4f06d
http://rhn.redhat.com/errata/RHSA-2013-1674.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/27/3Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/27/4Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/27/6Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/55713Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=859448Issue TrackingPatchThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/79258Third Party AdvisoryVDB Entry
http://git.kernel.org/?p=boot/dracut/dracut.git%3Ba=commit%3Bh=e1b48995c26c4f06d
http://rhn.redhat.com/errata/RHSA-2013-1674.htmlThird Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/27/3Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/27/4Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/27/6Mailing ListThird Party Advisory
http://www.securityfocus.com/bid/55713Third Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=859448Issue TrackingPatchThird Party Advisory

FAQ

What is CVE-2012-4453?

CVE-2012-4453 is a vulnerability with a CVSS score of 2.1 (LOW). dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to ob...

How severe is CVE-2012-4453?

CVE-2012-4453 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-4453?

Check the references section above for vendor advisories and patch information. Affected products include: Dracut Project Dracut, Fedoraproject Fedora, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.